libnet keytab: add function libnet_keytab_remove_entries().
authorMichael Adam <obnox@samba.org>
Tue, 22 Jul 2008 09:39:01 +0000 (11:39 +0200)
committerMichael Adam <obnox@samba.org>
Fri, 1 Aug 2008 14:04:42 +0000 (16:04 +0200)
This can be used to remove entries of given principal, kvno and enctype.

Michael

source/libnet/libnet_keytab.c
source/libnet/libnet_proto.h

index 175d243705de07295a6582e24a37753a2577cedd..a748599c782a277549f6f06154fae2bdf49079f2 100644 (file)
@@ -223,4 +223,94 @@ cont:
        return entry;
 }
 
+/**
+ * Remove all entries that have the given principal, kvno and enctype.
+ */
+krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx,
+                                            const char *principal,
+                                            int kvno,
+                                            const krb5_enctype enctype)
+{
+       krb5_error_code ret;
+       krb5_kt_cursor cursor;
+       krb5_keytab_entry kt_entry;
+
+       ZERO_STRUCT(kt_entry);
+       ZERO_STRUCT(cursor);
+
+       ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
+       if (ret) {
+               return 0;
+       }
+
+       while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0)
+       {
+               char *princ_s = NULL;
+
+               if (kt_entry.vno != kvno) {
+                       goto cont;
+               }
+
+               if (kt_entry.key.enctype != enctype) {
+                       goto cont;
+               }
+
+               ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal,
+                                           &princ_s);
+               if (ret) {
+                       DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n",
+                                 error_message(ret)));
+                       goto cont;
+               }
+
+               if (strcmp(principal, princ_s) != 0) {
+                       goto cont;
+               }
+
+               /* match found - remove */
+
+               DEBUG(10, ("found entry for principal %s, kvno %d, "
+                          "enctype %d - trying to remove it\n",
+                          princ_s, kt_entry.vno, kt_entry.key.enctype));
+
+               ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor);
+               ZERO_STRUCT(cursor);
+               if (ret) {
+                       DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+                                 error_message(ret)));
+                       goto cont;
+               }
+
+               ret = krb5_kt_remove_entry(ctx->context, ctx->keytab,
+                                          &kt_entry);
+               if (ret) {
+                       DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n",
+                                 error_message(ret)));
+                       goto cont;
+               }
+               DEBUG(10, ("removed entry for principal %s, kvno %d, "
+                          "enctype %d\n", princ_s, kt_entry.vno,
+                          kt_entry.key.enctype));
+
+               ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
+               if (ret) {
+                       DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n",
+                                 error_message(ret)));
+                       goto cont;
+               }
+
+cont:
+               smb_krb5_kt_free_entry(ctx->context, &kt_entry);
+               SAFE_FREE(princ_s);
+       }
+
+       ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor);
+       if (ret) {
+               DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+                         error_message(ret)));
+       }
+
+       return ret;
+}
+
 #endif /* HAVE_KRB5 */
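Review bot: The three `goto cont` error paths that follow the inner `krb5_kt_end_seq_get()` (its own failure, a failed `krb5_kt_remove_entry()`, a failed restart of the scan) return to the `while` condition with `cursor` already closed and zeroed. `krb5_kt_next_entry()` and the closing `krb5_kt_end_seq_get()` then run on a cursor that is no longer a live scan, and what that does depends on the Kerberos library and keytab type. The return value also hides failures: the first `krb5_kt_start_seq_get()` failure returns `0`, and a failed removal is overwritten by the final `krb5_kt_end_seq_get()` result. A caller rotating keys can therefore be told the old key is gone while it is still in the keytab. The sketch below tracks whether the scan is open and returns the error once it cannot be resumed.

```c
	bool cursor_open = false;	/* true while cursor is a live scan */

	ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
	if (ret) {
		return ret;
	}
	cursor_open = true;
	/* … unchanged: loop header and kvno/enctype/principal matching … */
		ZERO_STRUCT(cursor);
		cursor_open = false;
	/* … unchanged: end_seq_get check, krb5_kt_remove_entry, restart of the scan … */
		cursor_open = true;	/* only after the restart succeeded */
cont:
	/* … unchanged: free kt_entry and princ_s … */
		if (!cursor_open) {
			/* scan was closed and could not be resumed */
			return ret;
		}
```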
index 43046a44c0cd2903cc45690f26d6b489d675d5a4..26ffbfce8c6d9e28e9a2ff4688169ecee660b355 100644 (file)
@@ -55,6 +55,11 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
                                                 const char *principal, int kvno,
                                                 const const krb5_enctype enctype,
                                                 TALLOC_CTX *mem_ctx);
+
+krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx,
+                                            const char *principal,
+                                            int kvno,
+                                            const krb5_enctype enctype);
 #endif
 
 /* The following definitions come from libnet/libnet_samsync.c  */